[x] Confirm that the recommendation details are accurate and complete as per the CIS benchmark.
Validate test for a pass
[x] Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
Specific conditions to check:
Condition A: Ensure the Report a security concern setting in the Teams admin center is set to On.
Condition B: Verify that Monitor reported messages in Microsoft Teams is checked in the Microsoft 365 Defender portal.
Condition C: Ensure the Send reported messages to setting in the Microsoft 365 Defender portal is set to My reporting mailbox only with the correct report email addresses.
Additional Conditions:
ReportJunkToCustomizedAddress is set to True
ReportNotJunkToCustomizedAddress is set to True
ReportPhishToCustomizedAddress is set to True
ReportJunkAddresses contains the appropriate security email address(es)
ReportNotJunkAddresses contains the appropriate security email address(es)
ReportPhishAddresses contains the appropriate security email address(es)
ReportChatMessageToCustomizedAddressEnabled is set to True
ReportChatMessageEnabled is set to False
Validate test for a fail
[x] Confirm that the failure conditions in the automated test are consistent with the manual audit results.
Specific conditions to check:
Condition A: The Report a security concern setting in the Teams admin center is not set to On.
Condition B: The Monitor reported messages in Microsoft Teams setting is not checked in the Microsoft 365 Defender portal.
Condition C: The Send reported messages to setting in the Microsoft 365 Defender portal is not set to My reporting mailbox only or the report email addresses are incorrect.
Additional Failure Conditions:
ReportJunkToCustomizedAddress is not set to True
ReportNotJunkToCustomizedAddress is not set to True
ReportPhishToCustomizedAddress is not set to True
ReportJunkAddresses does not contain the appropriate security email address(es)
ReportNotJunkAddresses does not contain the appropriate security email address(es)
ReportPhishAddresses does not contain the appropriate security email address(es)
ReportChatMessageToCustomizedAddressEnabled is not set to True
ReportChatMessageEnabled is not set to False
Add notes and observations
[ ] Compare the automated audit results with the manual audit steps and provide detailed observations.
Automated audit produced info consistent with the manual audit test results? (Yes/No)
Without disclosing any sensitive information, document any discrepancies between the actual output and the expected output.
Document any error messages, removing any sensitive information before submitting.
Identify the specific function, line, or section of the script that failed, if known.
Provide any additional context or observations that might help in troubleshooting.
If needed, the helpers folder in .\source\helpers contains a CSV to assist with locating the test definition.
Validation for Test-ReportSecurityInTeams.ps1
Recommendation Details
Test-ReportSecurityInTeams.ps1
Tasks
Validate recommendation details
Validate test for a pass
Report a security concern
setting in the Teams admin center is set toOn
.Monitor reported messages in Microsoft Teams
is checked in the Microsoft 365 Defender portal.Send reported messages to
setting in the Microsoft 365 Defender portal is set toMy reporting mailbox only
with the correct report email addresses.ReportJunkToCustomizedAddress
is set toTrue
ReportNotJunkToCustomizedAddress
is set toTrue
ReportPhishToCustomizedAddress
is set toTrue
ReportJunkAddresses
contains the appropriate security email address(es)ReportNotJunkAddresses
contains the appropriate security email address(es)ReportPhishAddresses
contains the appropriate security email address(es)ReportChatMessageToCustomizedAddressEnabled
is set toTrue
ReportChatMessageEnabled
is set toFalse
Validate test for a fail
Report a security concern
setting in the Teams admin center is not set toOn
.Monitor reported messages in Microsoft Teams
setting is not checked in the Microsoft 365 Defender portal.Send reported messages to
setting in the Microsoft 365 Defender portal is not set toMy reporting mailbox only
or the report email addresses are incorrect.ReportJunkToCustomizedAddress
is not set toTrue
ReportNotJunkToCustomizedAddress
is not set toTrue
ReportPhishToCustomizedAddress
is not set toTrue
ReportJunkAddresses
does not contain the appropriate security email address(es)ReportNotJunkAddresses
does not contain the appropriate security email address(es)ReportPhishAddresses
does not contain the appropriate security email address(es)ReportChatMessageToCustomizedAddressEnabled
is not set toTrue
ReportChatMessageEnabled
is not set toFalse
Add notes and observations
If needed, the helpers folder in .\source\helpers contains a CSV to assist with locating the test definition.